On 2014-07-03 06:16, Eliezer Croitoru wrote:
Hey Amos, I was thinking about something in the past and I will try my best to understand what can be done. Basically from what I understand even a read is not possible due to SELINUX by squid. So by that: A simple file "open" for read test on the certificates or even any other settings related files basic test can help to identify issues. What do you think about a basic "read"(and maybe a stat on the file for debug) test for all the main files? Compared to squid load this would be a piece of cake. Specifically for the certificate is one thing since OpenSSL dosn't provide too much. A pointer to find where the certificate read happens will be helpful.
The cache.cf.cc function DoConfigure is the best place to start for that check currently. It contains some for-loops initializing each http_port and https_port entries SSL contexts. You may put the test directly in those loops, or inside the SSL context setup function they call.
Amos
